I’m hoping we can get something a little more verbose in the logs for when AzureAD fails to join. I’ve had a few, but the logs don’t output a reason for failure. Something I was thinking was maybe add this into the script in the event of a failure:
Get-WinEvent -ProviderName "Microsoft-Windows-AAD" -MaxEvents 200 | ? {$_.LevelDisplayName -match "Error|Warning" -and $_.ID -match "1111|1112"} | Select-Object -ExpandProperty Message -Unique
This will get the most recent 200 events with the IDs 1111 or 1112 which are related to AAD joins specifically. Then it will print the error and warning messages for those events to the console. I added the “unique” switch in there to try and keep the information from repeating.